Hi Yutaka,
Thanks for your response.
I have another question to ask you. The SSL site for which we want to
establish a session with, wanted to do a client authentication. How do we
generate a client certificate for Delegate? And how do we instruct Delegate
to send this certificate to the SSL server during authentication?
Thanks again!
Chris
On 3/10/07, Yutaka Sato <feedback@delegate.org> wrote:
>
> Hi,
>
> In message <_A3646@delegate-en.ML_> on
> 03/09/07(18:40:30)
> you "Kwis Angelo" <phyhabdyi.ml@ml.delegate.org> wrote:
> |I just downloaded Delegate 9.5.1 source and compiled it on Suse Linux 8.
> |
> |I then ran Delegate with the following command:
> |
> |./delegated -v -P8081 SERVER=http FSV=sslway MOUNT="/* https://host/*"
> |
> |The process started properly and after some tests, I can confirm that
> |protocol conversion between HTTP and HTTPS is actually being performed
> fine
> |:-)
> |
> |I have however some questions:
> |
> |1.) From the SSL-related article "http://www.delegate.org/delegate/ssl/",
> it
> |says there that to use sslway, one must do a "make -f Makefile.gosslway"
> |at filters/ directory, and then put the sslway executable in
> "DGROOT/lib".
> |I didn't actually do this -- I straight out ran Delegate with the command
> I
> |stated above. I thought that not having sslway would somehow cause SSL
> not
> |to work. But it did work fine. Can you please calrify?
>
> As written in the top of page, the document is obsoleted and you should
> read
> <URL:http://www.delegate.org/delegate/tls/>
> DeleGate after 9.0.1 does not need sslway as a external command but it
> uses the
> built-in version by default, and has a default certificate built into it
> too.
>
> |2.) How do I instruct Delegate not to establish sessions with HTTPS sites
> |not having a trusted Root CA?
>
> For example, put the CA's certicicate at DGROOT/etc/pems/cacert.pem and
> use
> it for verification as follows:
>
> FSV="sslway -Vrfy -CAfile pems/cacert.pem"
>
> Cheers,
> Yutaka
> --
> 9 9 Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
> ( ~ ) National Institute of Advanced Industrial Science and Technology
> _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> Do the more with the less -- B. Fuller
>